CSE 127: Introduction to Security
Lecture 18: Advanced Threats
Nadia Heninger
UCSD
Winter 2021

Today
• Case studies of advanced hacking and other exploitation (mostly carried out by governments)
• Goal: Put together ideas learned during the quarter to understand the security issues these different attacks raised

RSA SecurID Service
http://www.f-secure.com/weblog/archives/00002226.html
• Recall: Hardware tokens are commonly used for two-factor authentication.
• An attacker who uses phishing to steal login credentials won't be able to log in when 2FA is enabled unless they can learn a valid code.
• Hardware token secrets are stored on the organization's authentication server and in the tokens.
• What happens if the authentication server crashes?
• Recover from backups. Where are the backups stored?
• One option: The vendor who sold you the product has a recovery service.
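The slide above describes the shared-secret model behind hardware tokens: the same seed lives in the token and in the authentication server's database, so the second factor is only as secret as that database and its backups. The example below is added here and is not from the lecture or from RSA; SecurID's own algorithm is proprietary and is not shown, so the open RFC 4226 HOTP algorithm stands in for it. The class names HardwareToken and AuthServer, the demo function, the username and the look-ahead window are assumptions, and the seed is the RFC 4226 test-vector key used as constructed sample input.

```python
import copy
import hashlib
import hmac
import struct


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: the only inputs are the shared seed and a counter."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HardwareToken:
    """Token side (hypothetical name): holds the seed and a press counter."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.counter = 0

    def press(self) -> str:
        code = hotp(self.seed, self.counter)
        self.counter += 1
        return code


class AuthServer:
    """Server side (hypothetical name): one seed per user plus the next
    counter value it is willing to accept."""

    def __init__(self):
        self.records = {}

    def enroll(self, user: str, seed: bytes) -> None:
        self.records[user] = {"seed": seed, "counter": 0}

    def verify(self, user: str, code: str, window: int = 10) -> bool:
        rec = self.records.get(user)
        if rec is None:
            return False
        # Look ahead a few counters (the user may have pressed without logging
        # in), compare in constant time, and never accept a used counter again.
        for c in range(rec["counter"], rec["counter"] + window):
            if hmac.compare_digest(hotp(rec["seed"], c), code):
                rec["counter"] = c + 1
                return True
        return False

    def snapshot(self) -> dict:
        """A backup of the seed database: every seed and counter it holds."""
        return copy.deepcopy(self.records)

    def restore(self, snap: dict) -> None:
        self.records = copy.deepcopy(snap)


def demo(seed: bytes = b"12345678901234567890") -> dict:
    """Walk through the shared-seed model with constructed sample data
    (the default seed is the RFC 4226 test-vector key)."""
    server = AuthServer()
    server.enroll("alice", seed)
    token = HardwareToken(seed)
    backup = server.snapshot()                    # taken before any login

    first = token.press()
    accepted = server.verify("alice", first)
    replay_rejected = not server.verify("alice", first)

    # Whoever holds the seed store (or its backup) can compute the next code
    # without the token: the second factor is only as secret as that database.
    from_backup = hotp(backup["alice"]["seed"], 1)
    token_next = token.press()

    # Restoring a stale backup also rewinds the counter, so a code that was
    # already consumed becomes valid again until the counter catches up.
    server.restore(backup)
    old_code_live_again = server.verify("alice", first)

    return {
        "first_code": first,
        "accepted": accepted,
        "replay_rejected": replay_rejected,
        "backup_matches_token": from_backup == token_next,
        "old_code_live_again": old_code_live_again,
    }
```

Two defender-side lessons fall out of `demo()`: the seed database deserves the same protection as a private key store, wherever its backups are kept, and a restore has to bring the per-user counters forward (or force re-enrollment) rather than silently rewinding them.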
2011 RSA Hack
• In 2011, an RSA employee was phished.
• The malicious Excel file contained a Flash 0day exploit to obtain arbitrary code execution.
• The malware connected to a server and installed remote access on the infected computer.
http://www.f-secure.com/weblog/archives/00002226.html

2011 RSA Hack
RSA disclosed the attack, but not the data that was targeted.
https://blogs.rsa.com/anatomy-of-an-attack/

2011 RSA Hack
• The attackers targeted Lockheed-Martin and Northrop-Grumman.
• Attack was attributed to China by Keith Alexander.
• RSA had to replace tokens for customers globally after the hack.

2012 Flame Malware
• 2012 Flame malware was discovered on Windows computers mostly in the Middle East.
• Functionality mostly aimed at espionage: recording audio, screenshots, keyboard, network, Skype sessions.
Kaspersky

Microsoft Code-Signing
• Microsoft uses code signing to authenticate some programs and drivers and prevent malware.
• Code signing signs a binary with a digital signature.
• The OS validates the digital signature using the public key contained in a certificate distributed with the code.
• The OS validates the certificate by verifying a chain of digital signatures from a chain of certificates back to a trusted root certificate.
The Flame malware was signed by a valid code-signing certificate that chained back to Microsoft's root.

Certificate hierarchy
[Slide figure: two certificate chains from the same root]
Microsoft Root Certificate Authority → Microsoft Windows Verification PCA → Microsoft Windows → ntdll.dll
Microsoft Root Certificate Authority → Microsoft Enforced Licensing Intermediate PCA → Microsoft Enforced Licensing Registration Authority CA → Microsoft LSRA PA → MS ?!?!? → WuSetupV.exe

Flame Malware Code-Signing Certificate
• Vendors could obtain code-signing certificates by registering an activated Terminal Server with Microsoft.
• Attackers wanted to spoof the Windows Update server.
• Spoofing Windows Update with a Terminal Update certificate didn't work on Windows Vista or 7.
• Attackers found a Microsoft server still using MD5 to sign certificates.
• The attackers carried out an MD5 hash collision attack to obtain a valid signature for a certificate of their choice.
https://msrc-blog.microsoft.com/2012/06/03/microsoft-releases-security-advisory-2718704/

Spoofing Digital Certificates Using Hash Collisions
• Recall: A digital signature is computed as $\sigma = \mathrm{Sign}_{\mathrm{privkey}}(\mathrm{pad}(H(M)))$ for $H$ a collision-resistant hash function and a padding function $\mathrm{pad}$.
• If an attacker can find $M_1$ and $M_2$ such that $H(M_1) = H(M_2)$, then $\sigma_1 = \mathrm{Sign}_{\mathrm{privkey}}(\mathrm{pad}(H(M_1))) = \sigma_2 = \mathrm{Sign}_{\mathrm{privkey}}(\mathrm{pad}(H(M_2)))$.
• For $M$ a digital certificate, there are formatting requirements that need to be satisfied to be a valid certificate, but this is essentially what you are doing on PA 6.

Flame Malware MD5 Collision Attack
• When the Flame malware was discovered, public researchers had already published practical MD5 collision attacks.
• But it turns out the collision used by Flame relied on a different technique than the one known in public.
• Follow-up research by Marc Stevens gave techniques for identifying structure in a blob that indicated a hash collision attack.
[Slide figure: output of the collision-analysis tooling, showing the message-word differences (dm4, dm11, dm14) and the per-step differential-path bit conditions Q-3 through Q17, each with a satisfaction probability p; the listing is truncated in the source.]
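The two slides above give the signature-reuse argument in symbols: once $H(M_1) = H(M_2)$, one signature is valid for both messages, and the rest of the work is making $M_2$ a well-formed certificate. The example below is added here and is not from the lecture; it carries that argument through in code on a real MD5 collision. The colliding pair is the published Wang et al. identical-prefix pair (its six differing bytes sit in message words 4, 11 and 14 of each block, the same dm4/dm11/dm14 differences the slide figure names); the "CA" is a textbook RSA toy with a deterministic seed and a simplified PKCS#1 v1.5-style padding with no DigestInfo, so the key, `keygen`, `pad`, `sign`, `verify` and `demo` are all assumptions of the example. Because the pair collides from MD5's standard IV, any common suffix keeps the collision, which is how `demo` appends a constructed "certificate tail"; forging a certificate whose fields differ meaningfully, as Flame did, needs a chosen-prefix collision, which this example does not compute.

```python
import hashlib
import random
from math import gcd

# Published MD5-colliding 128-byte messages (Wang et al.), used as sample input.
COLLISION_A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70")
COLLISION_B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70")


def md5_hex(msg: bytes) -> str:
    return hashlib.md5(msg).hexdigest()


def is_probable_prime(n: int, rng: random.Random, rounds: int = 40) -> bool:
    """Miller-Rabin; good enough for a toy key, not for production."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def keygen(bits: int = 512, seed: int = 127):
    """Toy RSA key (assumption of this example); the fixed seed is for
    reproducibility only and is never acceptable for a real key."""
    rng = random.Random(seed)
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        n, phi, e = p * q, (p - 1) * (q - 1), 65537
        if p != q and gcd(e, phi) == 1:
            return (n, e), (n, pow(e, -1, phi))


def pad(digest: bytes, n: int) -> bytes:
    """Simplified PKCS#1 v1.5 layout: 00 01 FF..FF 00 || H(M) (no DigestInfo)."""
    k = (n.bit_length() + 7) // 8
    return b"\x00\x01" + b"\xff" * (k - 3 - len(digest)) + b"\x00" + digest


def sign(privkey, msg: bytes) -> int:
    n, d = privkey                     # sigma = Sign_privkey(pad(H(M))), H = MD5
    return pow(int.from_bytes(pad(hashlib.md5(msg).digest(), n), "big"), d, n)


def verify(pubkey, msg: bytes, sig: int) -> bool:
    n, e = pubkey
    return pow(sig, e, n) == int.from_bytes(pad(hashlib.md5(msg).digest(), n), "big")


def demo(tail: bytes = b"constructed certificate tail") -> dict:
    """The CA signs M1 only; the identical signature verifies on M2."""
    pub, priv = keygen()
    m1, m2 = COLLISION_A + tail, COLLISION_B + tail
    sig = sign(priv, m1)
    return {
        "distinct": m1 != m2,
        "same_md5": md5_hex(m1) == md5_hex(m2),
        "sig_verifies_on_m1": verify(pub, m1, sig),
        "sig_verifies_on_m2": verify(pub, m2, sig),
    }
```

The defender-side reading is the one the Microsoft advisory acted on: nothing in `verify` is wrong, the signature really is valid, so the only fix is to stop issuing signatures over a hash whose collision resistance has failed and to revoke the intermediates that did.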